diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch index 4bdea30..dd18408 100644 --- a/Add-EFI-signature-data-types.patch +++ b/Add-EFI-signature-data-types.patch @@ -1,4 +1,4 @@ -From 24ceffbbe2764a31328e1146a2cf4bdcf85664e7 Mon Sep 17 00:00:00 2001 +From 6fb2a60e6bfb5ce2d3a4964e7b47ac5c7ecd6f82 Mon Sep 17 00:00:00 2001 From: Dave Howells Date: Tue, 23 Oct 2012 09:30:54 -0400 Subject: [PATCH] Add EFI signature data types @@ -15,12 +15,12 @@ Signed-off-by: David Howells 1 file changed, 20 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 333d0ca6940f..b3efb6d06344 100644 +index fb0734f..b80227a 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -603,6 +603,12 @@ void efi_native_runtime_setup(void); - EFI_GUID(0x3152bca5, 0xeade, 0x433d, \ - 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44) +@@ -653,6 +653,12 @@ void efi_native_runtime_setup(void); + EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, \ + 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) +#define EFI_CERT_SHA256_GUID \ + EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 ) @@ -31,9 +31,9 @@ index 333d0ca6940f..b3efb6d06344 100644 typedef struct { efi_guid_t guid; u64 table; -@@ -827,6 +833,20 @@ typedef struct { - - #define EFI_INVALID_TABLE_ADDR (~0UL) +@@ -885,6 +891,20 @@ typedef struct { + efi_memory_desc_t entry[0]; + } efi_memory_attributes_table_t; +typedef struct { + efi_guid_t signature_owner; @@ -53,5 +53,5 @@ index 333d0ca6940f..b3efb6d06344 100644 * All runtime access to EFI goes through this structure: */ -- -2.5.0 +2.5.5 diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch index 015371b..d3fab02 100644 --- a/Add-option-to-automatically-enforce-module-signature.patch +++ b/Add-option-to-automatically-enforce-module-signature.patch @@ -1,8 +1,7 @@ -From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001 +From 8802c7e62531b3867580068ee8b50415b966d22c Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 18:36:30 -0400 -Subject: [PATCH 10/20] Add option to automatically enforce module signatures - when in Secure Boot mode +Subject: [PATCH 10/20] Add option to automatically enforce module signatures when in Secure Boot mode UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also @@ -12,16 +11,16 @@ that enforces this automatically when enabled. Signed-off-by: Matthew Garrett --- Documentation/x86/zero-page.txt | 2 ++ - arch/x86/Kconfig | 10 ++++++++++ - arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++ - arch/x86/include/uapi/asm/bootparam.h | 3 ++- - arch/x86/kernel/setup.c | 6 ++++++ - include/linux/module.h | 6 ++++++ - kernel/module.c | 7 +++++++ - 7 files changed, 69 insertions(+), 1 deletion(-) + arch/x86/Kconfig | 10 ++++++ + arch/x86/boot/compressed/eboot.c | 66 +++++++++++++++++++++++++++++++++++ + arch/x86/include/uapi/asm/bootparam.h | 3 +- + arch/x86/kernel/setup.c | 6 ++++ + include/linux/module.h | 6 ++++ + kernel/module.c | 7 ++++ + 7 files changed, 99 insertions(+), 1 deletion(-) diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt -index 95a4d34af3fd..b8527c6b7646 100644 +index 95a4d34..b8527c6 100644 --- a/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt @@ -31,6 +31,8 @@ Offset Proto Name Meaning @@ -34,10 +33,10 @@ index 95a4d34af3fd..b8527c6b7646 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index cc0d73eac047..14db458f4774 100644 +index 2dc18605..a701d09 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1734,6 +1734,16 @@ config EFI_MIXED +@@ -1785,6 +1785,16 @@ config EFI_MIXED If unsure, say N. @@ -55,7 +54,7 @@ index cc0d73eac047..14db458f4774 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index ee1b6d346b98..b4de3faa3f29 100644 +index 52fef60..6b8b9a7 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -12,6 +12,7 @@ @@ -66,8 +65,8 @@ index ee1b6d346b98..b4de3faa3f29 100644 #include "../string.h" #include "eboot.h" -@@ -827,6 +828,37 @@ out: - return status; +@@ -571,6 +572,67 @@ free_handle: + efi_call_early(free_pool, pci_handle); } +static int get_secure_boot(void) @@ -101,10 +100,40 @@ index ee1b6d346b98..b4de3faa3f29 100644 +} + + - /* - * See if we have Graphics Output Protocol - */ -@@ -1412,6 +1444,10 @@ struct boot_params *efi_main(struct efi_config *c, ++/* ++ * See if we have Graphics Output Protocol ++ */ ++static efi_status_t setup_gop(struct screen_info *si, efi_guid_t *proto, ++ unsigned long size) ++{ ++ efi_status_t status; ++ void **gop_handle = NULL; ++ ++ status = efi_call_early(allocate_pool, EFI_LOADER_DATA, ++ size, (void **)&gop_handle); ++ if (status != EFI_SUCCESS) ++ return status; ++ ++ status = efi_call_early(locate_handle, ++ EFI_LOCATE_BY_PROTOCOL, ++ proto, NULL, &size, gop_handle); ++ if (status != EFI_SUCCESS) ++ goto free_handle; ++ ++ if (efi_early->is64) ++ status = setup_gop64(si, proto, size, gop_handle); ++ else ++ status = setup_gop32(si, proto, size, gop_handle); ++ ++free_handle: ++ efi_call_early(free_pool, gop_handle); ++ return status; ++} ++ + static efi_status_t + setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height) + { +@@ -1126,6 +1188,10 @@ struct boot_params *efi_main(struct efi_config *c, else setup_boot_services32(efi_early); @@ -116,7 +145,7 @@ index ee1b6d346b98..b4de3faa3f29 100644 setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index 329254373479..b61f8533c0fd 100644 +index 3292543..b61f853 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -134,7 +134,8 @@ struct boot_params { @@ -130,10 +159,10 @@ index 329254373479..b61f8533c0fd 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index baadbf90a7c5..1ac118146e90 100644 +index 2367ae0..1a78bf7 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1146,6 +1146,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -147,7 +176,7 @@ index baadbf90a7c5..1ac118146e90 100644 * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/module.h b/include/linux/module.h -index db386349cd01..4b8df91f03cd 100644 +index ab13009..e072b84 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); @@ -164,10 +193,10 @@ index db386349cd01..4b8df91f03cd 100644 extern int modules_disabled; /* for sysctl */ diff --git a/kernel/module.c b/kernel/module.c -index 7f045246e123..2b403ab0ef29 100644 +index 392ac8c..676c578 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod, +@@ -4081,6 +4081,13 @@ void module_layout(struct module *mod, EXPORT_SYMBOL(module_layout); #endif @@ -182,5 +211,5 @@ index 7f045246e123..2b403ab0ef29 100644 { #ifdef CONFIG_MODULE_SIG -- -2.4.3 +2.5.5 diff --git a/config-arm-generic b/config-arm-generic index 5b03071..989dbf7 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -175,6 +175,9 @@ CONFIG_EFI_VARS=y CONFIG_EFIVAR_FS=y CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set + # Power management / thermal / cpu scaling # CONFIG_ARM_CPUIDLE is not set diff --git a/config-generic b/config-generic index d569139..2ffca51 100644 --- a/config-generic +++ b/config-generic @@ -1826,13 +1826,13 @@ CONFIG_B43=m CONFIG_B43_SDIO=y CONFIG_B43_BCMA=y CONFIG_B43_BCMA_PIO=y -# CONFIG_B43_DEBUG is not set +CONFIG_B43_DEBUG=y CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_N=y CONFIG_B43_PHY_HT=y CONFIG_B43_PHY_G=y CONFIG_B43LEGACY=m -# CONFIG_B43LEGACY_DEBUG is not set +CONFIG_B43LEGACY_DEBUG=y CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y @@ -5169,7 +5169,7 @@ CONFIG_PM_DEBUG=y # CONFIG_DPM_WATCHDOG is not set # revisit this in debug CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y -# CONFIG_PM_TEST_SUSPEND is not set +CONFIG_PM_TEST_SUSPEND=y # CONFIG_PM_OPP is not set # CONFIG_PM_AUTOSLEEP is not set # CONFIG_PM_WAKELOCKS is not set @@ -5696,6 +5696,7 @@ CONFIG_RCU_TORTURE_TEST_SLOW_INIT_DELAY=3 CONFIG_RCU_KTHREAD_PRIO=0 CONFIG_SPARSE_RCU_POINTER=y # CONFIG_RCU_EXPERT is not set +# CONFIG_RCU_PERF_TEST is not set # CONFIG_LIVEPATCH is not set diff --git a/config-nodebug b/config-nodebug index 5a4319a..19213ef 100644 --- a/config-nodebug +++ b/config-nodebug @@ -2,101 +2,101 @@ CONFIG_SND_VERBOSE_PRINTK=y CONFIG_SND_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y -# CONFIG_DEBUG_ATOMIC_SLEEP is not set - -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_LOCK_TORTURE_TEST is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_PROVE_RCU is not set +CONFIG_DEBUG_ATOMIC_SLEEP=y + +CONFIG_DEBUG_MUTEXES=y +CONFIG_DEBUG_RT_MUTEXES=y +CONFIG_DEBUG_LOCK_ALLOC=y +CONFIG_LOCK_TORTURE_TEST=m +CONFIG_PROVE_LOCKING=y +CONFIG_DEBUG_SPINLOCK=y +CONFIG_PROVE_RCU=y # CONFIG_PROVE_RCU_REPEATEDLY is not set -# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_DEBUG_PER_CPU_MAPS=y CONFIG_CPUMASK_OFFSTACK=y -# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set +CONFIG_CPU_NOTIFIER_ERROR_INJECT=m -# CONFIG_FAULT_INJECTION is not set -# CONFIG_FAILSLAB is not set -# CONFIG_FAIL_PAGE_ALLOC is not set -# CONFIG_FAIL_MAKE_REQUEST is not set -# CONFIG_FAULT_INJECTION_DEBUG_FS is not set -# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set -# CONFIG_FAIL_IO_TIMEOUT is not set -# CONFIG_FAIL_MMC_REQUEST is not set +CONFIG_FAULT_INJECTION=y +CONFIG_FAILSLAB=y +CONFIG_FAIL_PAGE_ALLOC=y +CONFIG_FAIL_MAKE_REQUEST=y +CONFIG_FAULT_INJECTION_DEBUG_FS=y +CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y +CONFIG_FAIL_IO_TIMEOUT=y +CONFIG_FAIL_MMC_REQUEST=y -# CONFIG_LOCK_STAT is not set +CONFIG_LOCK_STAT=y -# CONFIG_DEBUG_STACK_USAGE is not set +CONFIG_DEBUG_STACK_USAGE=y -# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_DEBUG=y # CONFIG_ACPI_DEBUGGER is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_PI_LIST is not set +CONFIG_DEBUG_SG=y +CONFIG_DEBUG_PI_LIST=y # CONFIG_PAGE_EXTENSION is not set # CONFIG_PAGE_OWNER is not set # CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_DEBUG_OBJECTS is not set +CONFIG_DEBUG_OBJECTS=y # CONFIG_DEBUG_OBJECTS_SELFTEST is not set -# CONFIG_DEBUG_OBJECTS_FREE is not set -# CONFIG_DEBUG_OBJECTS_TIMERS is not set -# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set +CONFIG_DEBUG_OBJECTS_FREE=y +CONFIG_DEBUG_OBJECTS_TIMERS=y +CONFIG_DEBUG_OBJECTS_RCU_HEAD=y CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_X86_PTDUMP=y -# CONFIG_ARM64_PTDUMP is not set -# CONFIG_EFI_PGT_DUMP is not set +CONFIG_ARM64_PTDUMP=y +CONFIG_EFI_PGT_DUMP=y -# CONFIG_CAN_DEBUG_DEVICES is not set +CONFIG_CAN_DEBUG_DEVICES=y -# CONFIG_MODULE_FORCE_UNLOAD is not set +CONFIG_MODULE_FORCE_UNLOAD=y -# CONFIG_DEBUG_NOTIFIERS is not set +CONFIG_DEBUG_NOTIFIERS=y -# CONFIG_DMA_API_DEBUG is not set +CONFIG_DMA_API_DEBUG=y -# CONFIG_MMIOTRACE is not set +CONFIG_MMIOTRACE=y -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_CREDENTIALS=y # off in both production debug and nodebug builds, # on in rawhide nodebug builds -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y -# CONFIG_EXT4_DEBUG is not set +CONFIG_EXT4_DEBUG=y # CONFIG_XFS_WARN is not set -# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_DEBUG_PERF_USE_VMALLOC=y -# CONFIG_JBD2_DEBUG is not set +CONFIG_JBD2_DEBUG=y -# CONFIG_NFSD_FAULT_INJECTION is not set +CONFIG_NFSD_FAULT_INJECTION=y -# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_DEBUG_BLK_CGROUP=y -# CONFIG_DRBD_FAULT_INJECTION is not set +CONFIG_DRBD_FAULT_INJECTION=y -# CONFIG_ATH_DEBUG is not set -# CONFIG_CARL9170_DEBUGFS is not set -# CONFIG_IWLWIFI_DEVICE_TRACING is not set +CONFIG_ATH_DEBUG=y +CONFIG_CARL9170_DEBUGFS=y +CONFIG_IWLWIFI_DEVICE_TRACING=y # CONFIG_RTLWIFI_DEBUG is not set -# CONFIG_DEBUG_OBJECTS_WORK is not set +CONFIG_DEBUG_OBJECTS_WORK=y -# CONFIG_DMADEVICES_DEBUG is not set +CONFIG_DMADEVICES_DEBUG=y # CONFIG_DMADEVICES_VDEBUG is not set CONFIG_PM_ADVANCED_DEBUG=y -# CONFIG_CEPH_LIB_PRETTYDEBUG is not set -# CONFIG_QUOTA_DEBUG is not set +CONFIG_CEPH_LIB_PRETTYDEBUG=y +CONFIG_QUOTA_DEBUG=y CONFIG_KGDB_KDB=y @@ -104,19 +104,19 @@ CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y CONFIG_KDB_CONTINUE_CATASTROPHIC=0 -# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set +CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y # CONFIG_PERCPU_TEST is not set -# CONFIG_TEST_LIST_SORT is not set +CONFIG_TEST_LIST_SORT=y # CONFIG_TEST_STRING_HELPERS is not set -# CONFIG_DETECT_HUNG_TASK is not set +CONFIG_DETECT_HUNG_TASK=y CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -# CONFIG_WQ_WATCHDOG is not set +CONFIG_WQ_WATCHDOG=y -# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set +CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y -# CONFIG_DEBUG_KMEMLEAK is not set +CONFIG_DEBUG_KMEMLEAK=y CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 # CONFIG_DEBUG_KMEMLEAK_TEST is not set CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y @@ -127,4 +127,4 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y # CONFIG_SPI_DEBUG is not set -# CONFIG_DEBUG_VM_PGFLAGS is not set +CONFIG_DEBUG_VM_PGFLAGS=y diff --git a/config-x86-generic b/config-x86-generic index 06ddcd1..e2e52e4 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -48,6 +48,8 @@ CONFIG_FB_EFI=y CONFIG_EARLY_PRINTK_EFI=y CONFIG_EFI_RUNTIME_MAP=y # CONFIG_EFI_FAKE_MEMMAP is not set +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set # needs FB_SIMPLE to work correctly # CONFIG_X86_SYSFB is not set @@ -374,7 +376,7 @@ CONFIG_SP5100_TCO=m # CONFIG_MEMTEST is not set # CONFIG_DEBUG_TLBFLUSH is not set -# CONFIG_MAXSMP is not set +CONFIG_MAXSMP=y CONFIG_HP_ILO=m diff --git a/gitrev b/gitrev index 2d038f9..cdf953f 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -a2ccb68b1e6add42c0bf3ade73cd11c98d32b890 +3469d261eac65912927dca13ee8f77c744ad7aa2 diff --git a/kernel.spec b/kernel.spec index b448a47..afb40b9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -6,7 +6,7 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. For rawhide # and/or a kernel built from an rc or git snapshot, released_kernel should # be 0. -%global released_kernel 1 +%global released_kernel 0 # Sign modules on x86. Make sure the config files match this setting if more # architectures are added. @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -125,7 +125,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} @@ -2147,6 +2147,11 @@ fi # # %changelog +* Mon May 16 2016 Laura Abbott - 4.7.0-0.rc0.git1.1 +- Linux v4.6-153-g3469d26 +- Reenable debugging options. +- locking, efi, signals, rcu merges + * Mon May 16 2016 Justin M. Forbes - Disable CONFIG_DEBUG_VM_PGFLAGS on non debug kernels (rhbz 1335173) diff --git a/sources b/sources index 34226de..08770cc 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ d2927020e24a76da4ab482a8bc3e9ef3 linux-4.6.tar.xz fd23b14b9d474c3dfacb6e8ee82d3a51 perf-man-4.6.tar.gz +dbf9c922e53f859e25cb1174963c09bd patch-4.6-git1.xz